[RADIATOR] 64 bit version of authby lsa for ActivePerl 5.14
Hi, Would there happen to be a 64 bit version of LSA for the aforementioned Version of Active Perl? Found versions for AP up to vsn 5.12 in the free downloads directory but have 54.14 installed. Rgds Alex ** To view the terms under which this email is distributed please go to http://www2.hull.ac.uk/legal/disclaimer.aspx ** ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] 64 bit version of authby lsa for ActivePerl 5.14
On 01/11/2012 11:05 AM, Alex Sharaz wrote: > Would there happen to be a 64 bit version of LSA for the aforementioned > Version of Active Perl? Found versions for AP up to vsn 5.12 in the free > downloads directory but have 54.14 installed. LSA PPMs for Perl 5.14 have not been built yet. Also, Radiator 4.9 without patches prints out some warnings about features that will be removed in the future Perl releases. Maybe you could use 5.12 instead? Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Customizing the Radiator Server
I am trying to evaluate the Radiator Application. I have installed ActivePerl and modules and Radiator and so far according to the documentation I have read. I am now trying to understand how I can utilize the RADIUS Server. The equipment I will be logging into thru the RADIUS Server will require the user to enter a "Username" and "Password" which is passed to the server (sample of output to Server from REDCOM below). When Radiator receives the request, we want the server to be set up to identify the REDCOM system (would like to setup REDCOM with a Vendor ID = 32167 and a Attribute labeled Redcom-User-Class which would send a string back to our system (Capture shown below). I am trying to use the HTTP GUI interface and I think I would have to customize the REALM section but not sure how and if a flat file is required how to set this up. I have a connection with the server from our equipment, it is just a matter of getting the proper response back. Would appreciate any assista nce. Plus any info on setting up the RADSEC also but want to understand how to customize the server to my needs. Thanks FROM REDCOM to SERVER: Radius Protocol Code: Access-Request (1) Packet identifier: 0xd (13) Length: 66 Authenticator: 6362808e9710451697889a204d1af7db Attribute Value Pairs AVP: l=7 t=User-Name(1): root AVP: l=18 t=User-Password(2): Decrypted: "pokey\000\000\000\000\000\000\000\000\000\000\000" AVP: l=15 t=NAS-Identifier(32): redcom switch AVP: l=6 t=NAS-Port(5): 4 FROM SERVER to REDCOM: Radius Protocol Code: Access-Accept (2) Packet identifier: 0xd (13) Length: 67 Authenticator: e5da6909de553531aa74ebde05e1d446 Attribute Value Pairs Attribute Value Pairs AVP: l=12 t=Vendor-Specific(26) v=REDCOM Laboratories, Inc(32167) VSA: l=6 t=Unknown-Attribute(1): string Steven Saverino Integration Lab One Redcom Center Victor, New York Phone: (585) 924-7550 Extension: 455 E-mail: ssave...@redcom.com ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Customizing the Radiator Server
On 01/11/2012 04:38 PM, Saverino, Steven wrote: Hello Steven, try this to build a flat file based configuration: 1. Delete any Realm(s) you already have 2. Add new Realm. Name it DEFAULT. Realm DEFAULT will match any User-Name 3. Add new AuthBy for the Realm. Choose AuthBy FILE 4. The default Filename is %D/users. You can set it explicitly to e.g. /etc/radiator/users %D by default is /usr/local/etc/raddb on Unix. See the reference manual ref.pdf for more about DbDir 5. Save the configuration. It will overwrite any previous configuration with the new settings 6. Create the users file. You can not do this with the Radiator web GUI. You can use any editor that comes with your system. The users file should look like below (2 lines). /etc/radiator/users: root User-Password = "password" Redcom-User-Class = string 7. Create dictionary for Redcom VSAs since they are not yet in Radiator's default dictionary. Lets call the file /etc/radiator/dictionary.redcom The file is (5 lines): # # Redcom VSAs # VENDOR Redcom 32167 VENDORATTR 32167 Redcom-User-Class 1 string 8. Go back to Radiator web interface and choose 'Edit' from left side panel. Click 'Show Advanced Options'. Locate 'DictionaryFile' textbox and add ',/etc/radiator/dictionary.redcom' to the contents. DictionaryFile should now have Radiator's default dictionary and 'dictionary.redcom' as value. 9. Save the configuration, test and check the log. If everything goes well you should see this in the log: *** Sending to 127.0.0.1 port 54351 Code: Access-Accept Identifier: 170 Authentic: <171><190><1><194>W1O<156><255><189>aj<16><212><229><22> Attributes: Redcom-User-Class = "string" 10. An alternative is not to use the web interface. A simple Radiator configuration file (/etc/radiator/radius.cfg) that does the above would look like this: AcctPort 1646 AuthPort 1645 DbDir /etc/radiator DictionaryFile %D/dictionary,%D/dictionary.redcom LogDir . LogFile %L/logfile LogStdout PidFile %L/radiusd.pid Trace 4 Secret mysecret Filename %D/users Thanks! Heikki > I am trying to evaluate the Radiator Application. I have installed > ActivePerl and modules and Radiator and so far according to the > documentation I have read. I am now trying to understand how I can > utilize the RADIUS Server. The equipment I will be logging into thru > the RADIUS Server will require the user to enter a "Username" and > "Password" which is passed to the server (sample of output to Server > from REDCOM below). When Radiator receives the request, we want the > server to be set up to identify the REDCOM system (would like to > setup REDCOM with a Vendor ID = 32167 and a Attribute labeled > Redcom-User-Class which would send a string back to our system > (Capture shown below). I am trying to use the HTTP GUI interface and > I think I would have to customize the REALM section but not sure how > and if a flat file is required how to set this up. I have a > connection with the server from our equipment, it is just a matter of > getting the proper response back. Would appreciate any assista nce. > Plus any info on setting up the RADSEC also but want to understand how to > customize the server to my needs. Thanks > > > FROM REDCOM to SERVER: > > Radius Protocol > Code: Access-Request (1) > Packet identifier: 0xd (13) > Length: 66 > Authenticator: 6362808e9710451697889a204d1af7db Attribute Value Pairs > AVP: l=7 t=User-Name(1): root > AVP: l=18 t=User-Password(2): Decrypted: > "pokey\000\000\000\000\000\000\000\000\000\000\000" > AVP: l=15 t=NAS-Identifier(32): redcom switch > AVP: l=6 t=NAS-Port(5): 4 > > > FROM SERVER to REDCOM: > > Radius Protocol > Code: Access-Accept (2) > Packet identifier: 0xd (13) > Length: 67 > Authenticator: e5da6909de553531aa74ebde05e1d446 Attribute Value Pairs > Attribute Value Pairs > AVP: l=12 t=Vendor-Specific(26) v=REDCOM Laboratories, Inc(32167) > VSA: l=6 t=Unknown-Attribute(1): string > > > Steven Saverino > Integration Lab > One Redcom Center > Victor, New York > Phone: (585) 924-7550 > Extension: 455 > E-mail: ssave...@redcom.com > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Installing Win32lsa.tar.gz in Acive Perl
Hi, Up till now I've always managed to install everything I need in ActivePerl using ppm. I'm now using a 64bit release of windoze and from the radiator site I've downloaded the appropriate version of Win32-Lsa.tar.gz for ActivePerl 5.12. So how do I install it? Do I just take a copy of LSA.pm and put it into \perl64\lib Rgds Alex ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Installing Win32lsa.tar.gz in Acive Perl
On 01/11/2012 06:19 PM, Alex Sharaz wrote: > Up till now I've always managed to install everything I need in > ActivePerl using ppm. You can use ppm for retrieving ppms over the net too. See below. > I'm now using a 64bit release of windoze and from the radiator site > I've downloaded the appropriate version of Win32-Lsa.tar.gz for > ActivePerl 5.12. > > So how do I install it? > Do I just take a copy of LSA.pm and put it into \perl64\lib Try this: From ref.pdf LSA section: Install the Win32-Lsa perl module using PPM and ActivePerl 5.6, 5.8, 5,10 or 5.12 like this: ppm install http://www.open.com.au/radiator/free-downloads/Win32-Lsa.ppd Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Development Ver. Question
Hello folks, I have a basic "best practices" question on how I might best run a separate "development" ver of radiator for testing without impacting a production instance on my network. Can I, and should I do this on the same host running the production radiusd ? Meaning can I safely run another instance that points to fresh config file and have it run on an alternate port ? I'd like to do some testing for a development wireless domain and minimize the impact on any current production use of radiator and would prefer not to have to do it on another box IF I can do so with no impact to production use. Thanks for any insight on this ! -john -- John Goubeaux Systems Administrator Gevirtz Graduate School of Education UC Santa Barbara Education 4203C 805 893-8190 ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Development Ver. Question
On 01/11/2012 09:46 PM, John Goubeaux wrote: > I have a basic "best practices" question on how I might best run a > separate "development" ver of radiator for testing without impacting > a production instance on my network. > Can I, and should I do this on the same host running the production > radiusd ? Meaning can I safely run another instance that points to > fresh config file and have it run on an alternate port ? Yes, this is possible. Just see that log and pid file names etc. do not overlap. Read-only files, such as dictionary, can of course be shared. With careful configuration you should not have problems. One common case is to have a separate authentication and accounting instance. So besides testing, multiple instances can be run for separate functionality and/or load balancing purposes too. > I'd like to > do some testing for a development wireless domain and minimize the > impact on any current production use of radiator and would prefer not > to have to do it on another box IF I can do so with no impact to > production use. I see no problem doing this. One option might be to run the instances under different uids and groups. If the test instance tries to e.g., write to wrong log file, the file permissions should stop it causing any actual harm. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Development Ver. Question
Hello John - An alternative approach that I always use is to keep all versions of Radiator in separate source directories, and run radiusd from the corresponding source directory when testing and in production. Ie. here is my source repository: TiTi:Radiator hugh$ pwd /Local/src/Radiator TiTi:Radiator hugh$ ls EAP-SIM Radiator-3.14.tgz Radiator-3.9.save Radiator-4.4.tgz Radiator-Locked-3.17.1 Live CD Radiator-3.15 Radiator-3.9.tgzRadiator-4.5 Radiator-Locked-3.17.1.tgz RadiatorRadiator-3.15.tgz Radiator-4.0 Radiator-4.5.1 Radiator-Locked-4.2 Radiator-3.10 Radiator-3.16 Radiator-4.0.tgzRadiator-4.5.1.tgz Radiator-Locked-4.2.tgz Radiator-3.10.tar.gzRadiator-3.16.tgz Radiator-4.0alpha Radiator-4.5.tgz Radiator-Locked-4.6 Radiator-3.11 Radiator-3.17 Radiator-4.0alpha.tgz Radiator-4.6 Radiator-Locked-4.6.tgz Radiator-3.11.hugh Radiator-3.17.1 Radiator-4.0betaRadiator-4.6.save Radiator-Locked-4.7 Radiator-3.11.save Radiator-3.17.1.save Radiator-4.0beta.tgzRadiator-4.6.save.2 Radiator-Locked-4.7.tgz Radiator-3.11.tgz Radiator-3.17.1.tgz Radiator-4.1 Radiator-4.6.tgzRadius-EAP-SIM Radiator-3.11.xxx Radiator-3.17.tgz Radiator-4.1.tgzRadiator-4.7 Radius-EAP-SIM-1.16 Radiator-3.12 Radiator-3.6Radiator-4.2 Radiator-4.7.pt Radius-EAP-SIM-1.16.tgz Radiator-3.12.tgz Radiator-3.6.tgz Radiator-4.2.tgzRadiator-4.7.tgz Radius-EAP-SIM-1.17 Radiator-3.13 Radiator-3.7.1 Radiator-4.3 Radiator-4.8Radius-EAP-SIM-1.17.tgz Radiator-3.13-1.noarch.rpm Radiator-3.7.1.tar Radiator-4.3.1 Radiator-4.8.tgzRadius-EAP-SIM-1.30 Radiator-3.13.save Radiator-3.8 Radiator-4.3.1.tgz Radiator-4.9 Radius-EAP-SIM-1.30.tgz Radiator-3.13.tgz Radiator-3.8.tar Radiator-4.3.tgzRadiator-4.9.tgz Radius-EAP-SIM-Cisco-ITP.tgz Radiator-3.14 Radiator-3.9Radiator-4.4 Radiator-Demo-3.9 WFA Radiator-3.14.save Radiator-3.9.hugh Radiator-4.4.save.for.now Radiator-Demo-3.9.tar Then, to run Radiator-4.9 for example: cd Radiator-4.9 perl radiusd -foreground -log_stdout -trace 4 -config_file some.config ….. Obviously, "some.config" is local to the source directory of the version of Radiator I am testing, and it will use different port numbers, log files and so on. I use the same technique in production environments with the startup scripts referencing a particular source direcory. This allows me to both do testing safely and to change versions in production in a safe manner and if necessary I can always go back to a previous version just by pointing to a different source directory. NB: When installing new versions of Radiator in my source repository, I **do not** do "make install", which keeps the Perl file hierarchy free from Radiator source files. This also allows the use of different versions of Perl which is advantageous in some environments. In my case I have 5 or 6 different versions of Perl on my machine for testing and this allows me to do so in a safe and simple manner. Hope that helps. regards Hugh On 12 Jan 2012, at 08:12, Heikki Vatiainen wrote: > On 01/11/2012 09:46 PM, John Goubeaux wrote: > >> I have a basic "best practices" question on how I might best run a >> separate "development" ver of radiator for testing without impacting >> a production instance on my network. > >> Can I, and should I do this on the same host running the production >> radiusd ? Meaning can I safely run another instance that points to >> fresh config file and have it run on an alternate port ? > > Yes, this is possible. Just see that log and pid file names etc. do not > overlap. Read-only files, such as dictionary, can of course be shared. > With careful configuration you should not have problems. > > One common case is to have a separate authentication and accounting > instance. So besides testing, multiple instances can be run for separate > functionality and/or load balancing purposes too. > >> I'd like to >
[RADIATOR] Radiator monitoring solutions
Hello Everyone - I have been asked by one of our customers to suggest good monitoring solutions for Radiator. Some suggestions I have heard include our own Radar tool, Solarwinds, Splunk, Cactii and whatever SNMP tool they are aleady using. What suggestions does the list have? many thanks Hugh -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator monitoring solutions
Hi Hugh, You can setup a Nagios server (free) which comes with RADIUS modules that can actually check service status (eg. launch an access-request every x minutes). There are online services too, but I find that if you operate Radiator you should be able to setup and run Nagios. Cheers, Mike Sent from my iPhone On Jan 12, 2012, at 6:31, Hugh Irvine wrote: > > Hello Everyone - > > I have been asked by one of our customers to suggest good monitoring > solutions for Radiator. > > Some suggestions I have heard include our own Radar tool, Solarwinds, Splunk, > Cactii and whatever SNMP tool they are aleady using. > > What suggestions does the list have? > > many thanks > > Hugh > > > -- > > Hugh Irvine > h...@open.com.au > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. > Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
